[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

Richard Levitte levitte at openssl.org
Tue Nov 22 23:03:41 UTC 2016


In message <021a5d5b885845f5ab79c4420232e415 at usma1ex-dag1mb1.msg.corp.akamai.com> on Tue, 22 Nov 2016 18:03:31 +0000, "Salz, Rich" <rsalz at akamai.com> said:

rsalz> It is already possible to write a utility library that tries
rsalz> everything in turn, and returns an enumeration that says "seems
rsalz> to be an X509 certificate" etc.  And then another routine that
rsalz> takes that enumeration and the blob and calls the right
rsalz> decoder.  I would be okay with that, even if it were part of
rsalz> OpenSSL.  I am opposed to guessing and parsing in one step, and
rsalz> would -1 any PR for that, forcing a team discussion.

Uhmmmm...  the d2i functions are already both in one.  Are you saying
they should be split in two, one part that does all the checking and
the other that just decodes, trusting that all checks are already
done?  What you're gonna do there is double part of the work.

But, what I get from you is "what if an octet stream matches two
different ASN.1 types?"  Is that it?

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
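
Added example, not part of the original message and not OpenSSL code: a sketch of the two-step "classify, then decode" split discussed above, showing one octet stream that matches two ASN.1 types, since RSAPublicKey and ECDSA-Sig-Value are both a SEQUENCE of two INTEGERs. The names Kind, classify and decode are hypothetical, and the sample bytes are constructed.

```python
from enum import Enum

class Kind(Enum):  # hypothetical enumeration returned by the classifier
    RSA_PUBLIC_KEY = "RSAPublicKey"   # SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    ECDSA_SIG = "ECDSA-Sig-Value"     # SEQUENCE { r INTEGER, s INTEGER }

def read_tlv(buf, off=0):
    """Read one DER TLV at off; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length

def sequence_of_integers(blob):  # strict: one SEQUENCE, only INTEGERs, no trailing bytes
    tag, body, end = read_tlv(blob)
    if tag != 0x30 or end != len(blob):
        raise ValueError("not a single SEQUENCE")
    ints, off = [], 0
    while off < len(body):
        t, v, off = read_tlv(body, off)
        if t != 0x02 or not v:
            raise ValueError("not an INTEGER")
        ints.append(int.from_bytes(v, "big", signed=True))
    return ints

def classify(blob):
    """Step 1: return every Kind whose shape the blob matches (may be more than one)."""
    try:
        ints = sequence_of_integers(blob)
    except ValueError:
        return set()
    ok = len(ints) == 2 and all(i > 0 for i in ints)
    return {Kind.RSA_PUBLIC_KEY, Kind.ECDSA_SIG} if ok else set()

def decode(kind, blob):
    """Step 2: decode under the type the caller chose; the bytes alone cannot choose."""
    a, b = sequence_of_integers(blob)
    names = ("modulus", "publicExponent") if kind is Kind.RSA_PUBLIC_KEY else ("r", "s")
    return dict(zip(names, (a, b)))

SAMPLE = bytes.fromhex("300702020ca1020111")  # constructed: SEQUENCE { INTEGER 3233, INTEGER 17 }
```

classify(SAMPLE) returns both kinds, so only the caller's context can decide which decoder is the right one.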

